Re: CfC approved: CSP Level 2 to Candidate Recommendation from Daniel Veditz on 2015-02-10 (public-webappsec@w3.org from February 2015)

From: Daniel Veditz <dveditz@mozilla.com>
Date: Tue, 10 Feb 2015 14:08:22 -0800
To: Mike West <mkwst@google.com>
Cc: Brad Hill <hillbrad@gmail.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>, Wendy Seltzer <wseltzer@w3.org>
Message-ID: <CADYDTCD5S7ihTaKos78QaM3EsO6rE-SxOLCrXJW1hDzvhiyC_g@mail.gmail.com>

On Mon, Feb 9, 2015 at 9:46 PM, Mike West <mkwst@google.com> wrote:

> 3) The reflected-xss directive will remain, but be marked as "At Risk" and
> will be removed post-CR if multiple interoperable implementations cannot be
> demonstrated.
>
> I actually thought we'd agreed to just defer this to CSP3. I landed
> https://github.com/w3c/webappsec/commit/6f89d89bd4965040b9ad30bb8b7ed0105fe4ae10
> earlier this morning to do just that. Again, if I misunderstood, I'll
> revert it.
>

Deferring it to CSP.next was my recollection of the call as well.
-Dan

Received on Tuesday, 10 February 2015 22:08:50 UTC